Implementing the Top 4 Defense Strategies

The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies:

Patch Applications

Patch the Operating System

Minimize the use of local admin

Application whitelisting

…

Looking at these 35 strategies, the DSD claims that

While no single strategy can prevent this type of malicious activity, the effectiveness of implementing the top four strategies remains unchanged. Implemented as a package, these strategies would have prevented at least 70% of the intrusions that DSD analysed and responded to in 2009, and at least 85% of the intrusions responded to in 2010.

This is pretty much in line with the anecdotal reference I could make where we see successful attacks either coming in through unpatched systems (point 1 and 2), flaws in applications developed in-house (kind of point 2) and social engineering (point 3 and 4). However, these things are not that new, aren’t they? We are talking about patch management since a long time – and patch management not only for the Microsoft environment but the all the applications, being it Microsoft, Adobe, in-house Apps as well as Open Source operating systems.